9 matches found

OSV
added 2025/12/03 6:25 p.m., 0 views

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

9.2 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits 0, References 3
CVE
added 2025/12/03 6:25 p.m., 12 views

CVE-2025-66208

CVE-2025-66208 affects Collabora Online – Built-in CODE Server (richdocumentscode proxy). The vulnerability is a configuration-dependent OS command injection (RCE) in the richdocumentscode proxy present in versions prior to 25.04.702, exploitable by attackers via proxy.php and an intermediate rev...

9.8 CVSS, 6.5 AI score, 0.00317 EPSS
Exploits 0, References 1, Affected Software 1
Vulnrichment
added 2025/12/03 6:25 p.m., 1 views

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

9.2 CVSS, 6.5 AI score, 0.00317 EPSS
Exploits 0, References 1
Cvelist
added 2025/12/03 6:25 p.m., 9 views

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...

9.2 CVSS, 0.00317 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/12/03 12:0 a.m., 3 views

PT-2025-48979

Name of the Vulnerable Software and Affected Versions: Collabora Online - Built-in CODE Server versions prior to 25.04.702. Description: Collabora Online - Built-in CODE Server, which provides document editing features, contains a configuration-dependent Remote Code Execution (RCE) issue in the...

9.8 CVSS, 7.1 AI score, 0.00317 EPSS
Exploits 0, References 7
Cvelist
added 2023/12/08 8:4 p.m., 15 views

CVE-2023-49782 Cross-Site-Scripting vulnerability in error message passing in richdocumentscode

Collabora Online is a collaborative online office suite based on LibreOffice technology. Users of Nextcloud with Collabora Online - Built-in CODE Server app can be vulnerable to attack via proxy.php. The bug was fixed in Collabora Online - Built-in CODE Server richdocumentscode release 23.5.601...

7.1 CVSS, 7.1 AI score, 0.00095 EPSS
Exploits 0, References 2
Cvelist
added 2023/12/08 8:2 p.m., 8 views

CVE-2023-49788 Improper handling of browser-side provided input in richdocuments path handling

Collabora Online is a collaborative online office suite based on LibreOffice technology. Unlike a standalone dedicated Collabora Online server, the Built-in CODE Server richdocumentscode is run without chroot sandboxing. Vulnerable versions of the richdocumentscode app can be susceptible to attac...

7.2 CVSS, 7.3 AI score, 0.00076 EPSS
Exploits 0, References 1
CVE
added 2023/12/08 8:2 p.m., 30 views

CVE-2023-49788

Collabora Online’s Built-in CODE Server (richdocumentscode) is vulnerable to commands from the client that could overwrite files outside the transient session subdirectory. The issue affects vulnerable richdocumentscode versions and is mitigated by upgrading to release 23.5.602; users are advised...

7.2 CVSS, 7 AI score, 0.00076 EPSS
Exploits 0, References 1, Affected Software 1
CVE
added 2023/12/01 10:2 p.m., 27 views

CVE-2023-48314

CVE-2023-48314 affects Collabora Online — Built-in CODE Server (richdocumentscode) before 23.5.403, due to a vulnerability in the proxy.php component. The flaw arises from improper input handling/unescaped data, allowing a remote attacker to manipulate the page and potentially execute an attack....

7.1 CVSS, 6.3 AI score, 0.00131 EPSS
Exploits 0, References 1, Affected Software 1